Rev | Author | Line No. | Line |
---|---|---|---|
2 | daniel-mar | 1 | <?php |
2 | |||
3 | /* |
||
4 | * OIDplus 2.0 |
||
5 | * Copyright 2019 Daniel Marschall, ViaThinkSoft |
||
6 | * |
||
7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
8 | * you may not use this file except in compliance with the License. |
||
9 | * You may obtain a copy of the License at |
||
10 | * |
||
11 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
12 | * |
||
13 | * Unless required by applicable law or agreed to in writing, software |
||
14 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
16 | * See the License for the specific language governing permissions and |
||
17 | * limitations under the License. |
||
18 | */ |
||
19 | |||
/**
 * Tells whether a string is a syntactically valid e-mail address.
 *
 * This is a syntax check only (FILTER_VALIDATE_EMAIL). It says nothing about
 * whether the mailbox exists or whether the caller controls it.
 *
 * @param string $email Address to check.
 * @return bool True if filter_var() accepts the address, false otherwise.
 */
function oidplus_valid_email($email) {
	// filter_var() hands back the address on success and false on failure.
	$validated = filter_var($email, FILTER_VALIDATE_EMAIL);
	return $validated !== false;
}
||
23 | |||
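/**
 * Builds the href/onclick attribute pair for a link that opens an object in the panel.
 *
 * The result is meant to be placed inside an opening <a ...> tag. A '#' in
 * $goto splits it into the object id and an anchor; the anchor is passed to
 * openOidInPanel() as third argument and appended to the href as fragment.
 *
 * Escaping layers:
 *  - href: the id is urlencode()d, the anchor goes through htmlentities().
 *  - onclick: the JavaScript call is assembled with js_escape() and the whole
 *    attribute value is then HTML-escaped, so a double quote, '&', '<' or '>'
 *    coming from $goto can no longer end the attribute or be decoded as an
 *    HTML entity before the script runs.
 *
 * htmlspecialchars() here only covers the HTML attribute layer; the JavaScript
 * string layer is whatever js_escape() provides, so a quote that js_escape()
 * leaves unescaped still terminates the JS literal.
 *
 * @param string $goto Object id, optionally followed by '#anchor'.
 * @return string 'href="..." onclick="..."'
 */
function oidplus_link($goto) {
	if (strpos($goto, '#') !== false) {
		list($goto, $anchor) = explode('#', $goto, 2);
		$href = '?goto='.urlencode($goto).'#'.htmlentities($anchor);
		$onclick = 'openOidInPanel('.js_escape($goto).', true, '.js_escape($anchor).'); return false;';
	} else {
		$href = '?goto='.urlencode($goto);
		$onclick = 'openOidInPanel('.js_escape($goto).', true); return false;';
	}

	// ENT_COMPAT leaves single quotes alone (the attribute is double-quoted), so the
	// output for ordinary ids is unchanged. ENT_SUBSTITUTE keeps the handler from
	// collapsing to an empty string when $goto is not valid UTF-8.
	return 'href="'.$href.'" onclick="'.htmlspecialchars($onclick, ENT_COMPAT | ENT_SUBSTITUTE).'"';
}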
32 | |||
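/**
 * Renders an e-mail address as SpamSpan markup (see http://www.spamspan.de/).
 *
 * This is protection against address harvesting only; the address is still
 * present in the page. Every dynamic part is passed through htmlentities()
 * before it is placed in the markup.
 *
 * Level 1: <span class="spamspan"><span class="u">user</span>@<span class="d">example.com</span>(<span class="t">Link text</span>)</span>
 *          The (<span class="t">...</span>) part is left out if $linktext is empty or equals $email.
 * Level 2: like level 1, but '@' is an image (<img alt="at" width="10" src="@.png">) and there is no link text.
 * Level 3: 'user [at] example [dot] com', no link text.
 *
 * An address without '@' yields an empty domain part at every level. Previously
 * level 1 hid the resulting notice with the @ operator while levels 2 and 3 raised it.
 *
 * The document.write() based variant that used to follow the final return was
 * unreachable (and read an undefined $crypt_linktext), so it has been removed.
 *
 * @param string $email    Address to obfuscate.
 * @param string $linktext Optional display text (used by level 1 only).
 * @param int    $level    Obfuscation level 1, 2 or 3.
 * @return string|null Markup, or null for an unknown level.
 */
function secure_email($email, $linktext, $level=1) {
	// Loose comparisons are kept on purpose so that '1', '2', '3' passed as strings still work.
	if (($level != 1) && ($level != 2) && ($level != 3)) return null;

	// array_pad() guarantees two elements even if there is no '@' in $email.
	list($user, $domain) = array_pad(explode('@', $email), 2, '');
	$open = '<span class="spamspan"><span class="u">'.htmlentities($user).'</span>';

	if ($level == 1) {
		$out = $open.'@<span class="d">'.htmlentities($domain).'</span>';
		if (($linktext != $email) && !empty($linktext)) {
			$out .= '(<span class="t">'.htmlentities($linktext).'</span>)';
		}
		return $out.'</span>';
	}

	if ($level == 2) {
		return $open.'<img alt="at" width="10" src="@.png"><span class="d">'.htmlentities($domain).'</span></span>';
	}

	// Level 3 (the only remaining possibility after the guard above)
	$domain = str_replace('.', ' [dot] ', $domain);
	return $open.' [at] <span class="d">'.htmlentities($domain).'</span></span>';
}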
||
135 | |||
/**
 * Inserts a single space into a string at the given byte offset.
 *
 * @param string $str   Input string.
 * @param int    $index Offset at which the space is inserted (substr() semantics).
 * @return string The string with one additional space.
 */
function insertWhitespace($str, $index) {
	$head = substr($str, 0, $index);
	$tail = substr($str, $index);
	return $head . ' ' . $tail;
}
||
139 | |||
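/**
 * Turns a value into a single-quoted JavaScript string literal.
 *
 * Besides the backslash, the characters that could end the literal or the
 * surrounding HTML are written as JavaScript escapes:
 *  - ' and "  : would terminate the JS string or a quoted HTML attribute
 *  - &        : would let the HTML parser decode an entity (e.g. a quote)
 *               inside an event-handler attribute before the script runs
 *  - < and >  : would allow closing a surrounding <script> element
 *  - CR, LF, U+2028, U+2029 : line terminators, not allowed raw in a JS string
 *
 * Input that contains none of these characters produces the same output as
 * before ('...' with backslashes doubled).
 *
 * @param string $data Raw value.
 * @return string JavaScript string literal including the surrounding single quotes.
 */
function js_escape($data) {
	static $map = array(
		'\\' => '\\\\',
		"'"  => '\\x27',
		'"'  => '\\x22',
		'&'  => '\\x26',
		'<'  => '\\x3C',
		'>'  => '\\x3E',
		"\r" => '\\r',
		"\n" => '\\n',
		"\xE2\x80\xA8" => '\\u2028', // UTF-8 bytes of U+2028
		"\xE2\x80\xA9" => '\\u2029', // UTF-8 bytes of U+2029
	);

	// strtr() with an array works in one pass, so the backslashes that the
	// replacements introduce are not escaped a second time.
	return "'" . strtr((string)$data, $map) . "'";
}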
||
144 | |||
/**
 * Reduces a date/time string to the part before the first space.
 *
 * The placeholder date '0000-00-00' is turned into an empty string.
 *
 * @param string $date Date or date/time string, e.g. '2019-05-01 12:34:56'.
 * @return string Everything before the first space, or '' for '0000-00-00'.
 */
function oidplus_formatdate($date) {
	$parts = explode(' ', $date, 2);
	$day = $parts[0];
	return ($day == '0000-00-00') ? '' : $day;
}
||
150 | |||
151 | |||
/**
 * Thrown by my_mail() when the mailer reports that sending failed.
 */
class MailException extends Exception
{
}
||
153 | |||
/**
 * Sends a plain-text e-mail through SecureMailer.
 *
 * The sender is the configured 'admin_email'. Cc and Bcc headers are only
 * added when a non-empty value is given.
 *
 * NOTE(review): $to, $title, $cc and $bcc are forwarded to SecureMailer
 * unchanged. Stripping of CR/LF (header injection) is presumably done inside
 * SecureMailer - confirm, especially where these values come from a request.
 *
 * @param string $to    Recipient address.
 * @param string $title Subject line.
 * @param string $msg   Message body.
 * @param string $cc    Optional Cc value.
 * @param string $bcc   Optional Bcc value.
 * @return void
 * @throws MailException If sendMail() reports failure.
 */
function my_mail($to, $title, $msg, $cc='', $bcc='') {
	$mailer = new SecureMailer();

	$mailer->addHeader('From', OIDplus::config()->getValue('admin_email'));

	if (!empty($cc)) {
		$mailer->addHeader('Cc', $cc);
	}
	if (!empty($bcc)) {
		$mailer->addHeader('Bcc', $bcc);
	}

	// Both headers below disclose information to every recipient: the exact
	// PHP version of the server and the IP address of the requesting client.
	$mailer->addHeader('X-Mailer', 'PHP/'.phpversion());
	if (isset($_SERVER['REMOTE_ADDR'])) {
		$mailer->addHeader('X-RemoteAddr', $_SERVER['REMOTE_ADDR']);
	}

	$mailer->addHeader('MIME-Version', '1.0');
	$mailer->addHeader('Content-Type', 'text/plain; charset=ISO-8859-1');

	if (!$mailer->sendMail($to, $title, $msg)) {
		throw new MailException('Sending mail failed');
	}
}
174 | |||
/**
 * Removes <br> tags (any case, optional whitespace and slash) from both ends of an HTML fragment.
 *
 * Each pattern is applied repeatedly until it no longer matches, so runs of
 * several <br> tags at the start or the end are removed completely.
 *
 * @param string $html HTML fragment.
 * @return string Fragment without leading and trailing <br> tags.
 */
function trim_br($html) {
	$patterns = array(
		'@^\s*<\s*br\s*/{0,1}\s*>@isU',  // left trim
		'@<\s*br\s*/{0,1}\s*>\s*$@isU',  // right trim
	);

	foreach ($patterns as $pattern) {
		do {
			$html = preg_replace($pattern, '', $html, -1, $removed);
		} while ($removed > 0);
	}

	return $html;
}
||
74 | daniel-mar | 180 | |
/**
 * Checks whether a private key and a public key belong together.
 *
 * A fixed probe string is encrypted with the public key and decrypted with
 * the private key; the keys match if the probe comes back unchanged.
 * OpenSSL warnings are suppressed and any Exception is treated as "no match".
 *
 * The round trip only shows that the two keys form a pair. It does not check
 * key size or any other property of the key.
 *
 * @param mixed $privKey Private key as accepted by openssl_private_decrypt().
 * @param mixed $pubKey  Public key as accepted by openssl_public_encrypt().
 * @return bool True if the probe survives the round trip, false otherwise.
 */
function verify_private_public_key($privKey, $pubKey) {
	if (empty($privKey) || empty($pubKey)) return false;

	$probe = 'TEST';
	try {
		$roundtrip_ok = @openssl_public_encrypt($probe, $ciphertext, $pubKey)
			&& @openssl_private_decrypt($ciphertext, $plaintext, $privKey);
		return $roundtrip_ok ? ($plaintext == $probe) : false;
	} catch (Exception $e) {
		return false;
	}
}
||
193 | |||
/**
 * Derives a 31-bit non-negative integer (0..2147483647) from the SHA-1 of the input.
 *
 * The last 8 hex digits of the SHA-1 digest are read as a number and the top
 * bit is masked off.
 *
 * With only 31 bits, collisions are easy to find.
 * NOTE(review): fine as a short identifier; confirm no caller relies on this
 * value for integrity or authentication.
 *
 * @param string $data Input data.
 * @return int Value between 0 and 2147483647.
 */
function smallhash($data) {
	$tail = substr(sha1($data), -8); // last 32 bits of the digest as hex
	return hexdec($tail) & 0x7FFFFFFF;
}
||
180 | daniel-mar | 197 | |
/**
 * Splits a full name at its last space.
 *
 * The last space-separated word is taken as last name; everything before it
 * is the first name. A name without a space has an empty first name.
 *
 * @param string $name Full name.
 * @return array Two elements: first name(s), last name.
 */
function split_firstname_lastname($name) {
	$words = explode(' ', $name);
	$surname = array_pop($words);
	return array(implode(' ', $words), $surname);
}
||
204 | |||
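/**
 * Sends the CORS response headers.
 *
 * Original author: Till Wehowski
 *
 * Without an allowlist ($allowed_origins === null) the function behaves as
 * before: the Origin request header is reflected into
 * Access-Control-Allow-Origin together with Access-Control-Allow-Credentials:
 * true. In that mode every website is allowed to send requests with the
 * visitor's cookies and to read the responses, so the same-origin policy
 * gives no protection for the endpoints that call this function. Pass an
 * allowlist wherever the response depends on the session.
 *
 * With an allowlist, the headers are only sent if the Origin request header
 * is exactly one of the listed values; otherwise only "Vary: Origin" is sent.
 *
 * NOTE(review): "X-Frame-Options: ALLOW-FROM" is obsolete and ignored by
 * current browsers, and the else branch removes X-Frame-Options entirely.
 * Neither branch restricts framing; the Content-Security-Policy
 * frame-ancestors directive is the replacement.
 *
 * @param array|null $allowed_origins Exact origins (e.g. 'https://example.com')
 *                                    that may access the response, or null for
 *                                    the legacy "reflect any origin" behaviour.
 * @return void
 */
function originHeaders($allowed_origins = null) {
	$origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : null;

	if (is_array($allowed_origins)) {
		// Strict comparison: no prefix/suffix matching, no type juggling.
		if (($origin === null) || !in_array($origin, $allowed_origins, true)) {
			// The response still differs by Origin, so caches must key on it.
			header("Vary: Origin");
			return;
		}
	}

	header("Access-Control-Allow-Credentials: true");
	header("Access-Control-Allow-Origin: ".strip_tags(($origin !== null) ? $origin : "*"));

	header("Access-Control-Allow-Headers: If-None-Match, X-Requested-With, Origin, X-Frdlweb-Bugs, Etag, X-Forgery-Protection-Token, X-CSRF-Token");

	if ($origin !== null) {
		header('X-Frame-Options: ALLOW-FROM '.$origin);
	} else {
		header_remove("X-Frame-Options");
	}

	// Expose every header that has been set so far, plus Etag and X-CSRF-Token.
	$expose = array('Etag', 'X-CSRF-Token');
	foreach (headers_list() as $header) {
		$h = explode(':', $header);
		$expose[] = trim($h[0]);
	}
	header("Access-Control-Expose-Headers: ".implode(',',$expose));

	header("Vary: Origin");
}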
||
236 | daniel-mar | 229 | |
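/**
 * Describes the stack frame two levels above this function as 'file:line/function()'.
 *
 * Frame 0 of the trace is the call to get_calling_function() itself, frame 1
 * the call to the function that asked, frame 2 the call to that function's
 * caller. If there is no frame 2, '(main)' is returned.
 *
 * Frames created by PHP internals (for example callbacks) carry no 'file' and
 * 'line' entries; those parts are left empty instead of raising a warning.
 *
 * The result contains a file path of the server, so it belongs in logs and
 * not in output that is sent to the client.
 *
 * @return string 'file:line/function()' or '(main)'.
 */
function get_calling_function() {
	$ex = new Exception();
	$trace = $ex->getTrace();
	if (!isset($trace[2])) return '(main)';
	$final_call = $trace[2];
	$file = isset($final_call['file']) ? $final_call['file'] : '';
	$line = isset($final_call['line']) ? $final_call['line'] : '';
	return $file.':'.$line.'/'.$final_call['function'].'()';
}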